- Timestamp:
- 06/16/11 20:13:13 (13 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
trunk/lib/regfi.c
r256 r257 1997 1997 cur_key = regfi_iterator_cur_key(i); 1998 1998 if(cur_key == NULL) 1999 /* XXX: report error */1999 regfi_log_add(REGFI_LOG_ERROR, "Current key invalid in find_subkey."); 2000 2000 return ret_val; 2001 2001 … … 2100 2100 cur_key = regfi_iterator_cur_key(i); 2101 2101 if(cur_key == NULL) 2102 /* XXX: report error */2102 regfi_log_add(REGFI_LOG_ERROR, "Current key invalid in cur_subkey."); 2103 2103 return NULL; 2104 2104 … … 2129 2129 cur_key = regfi_iterator_cur_key(i); 2130 2130 if(cur_key == NULL) 2131 /* XXX: report error */2131 regfi_log_add(REGFI_LOG_ERROR, "Current key invalid in find_value."); 2132 2132 return ret_val; 2133 2133 … … 2161 2161 cur_key = regfi_iterator_cur_key(i); 2162 2162 if(cur_key == NULL) 2163 /* XXX: report error */2163 regfi_log_add(REGFI_LOG_ERROR, "Current key invalid in cur_value."); 2164 2164 return ret_val; 2165 2165 … … 2523 2523 } 2524 2524 2525 /* XXX: check for NULL */2526 2525 tmp_str = talloc_realloc(NULL, tmp_str, uint8_t, tmp_size); 2526 if(tmp_str == NULL) 2527 return false; 2527 2528 data->interpreted.string = tmp_str; 2528 2529 data->interpreted_size = tmp_size; … … 2770 2771 memcpy(ret_val->file_name, file_header+0x30, REGFI_REGF_NAME_SIZE); 2771 2772 2772 /* XXX: Should we add a warning if these uuid parsers fail? Can they? 
*/2773 2773 ret_val->rm_id = winsec_parse_uuid(ret_val, file_header+0x70, 16); 2774 if(ret_val->rm_id == NULL) 2775 regfi_log_add(REGFI_LOG_WARN, "Hive header's rm_id failed to parse."); 2776 2774 2777 ret_val->log_id = winsec_parse_uuid(ret_val, file_header+0x80, 16); 2778 if(ret_val->log_id == NULL) 2779 regfi_log_add(REGFI_LOG_WARN, "Hive header's log_id failed to parse."); 2780 2775 2781 ret_val->flags = IVAL(file_header, 0x90); 2782 2776 2783 ret_val->tm_id = winsec_parse_uuid(ret_val, file_header+0x94, 16); 2784 if(ret_val->tm_id == NULL) 2785 regfi_log_add(REGFI_LOG_WARN, "Hive header's tm_id failed to parse."); 2786 2777 2787 ret_val->guid_signature = IVAL(file_header, 0xa4); 2778 2788 … … 3486 3496 3487 3497 /* XXX: do something with unalloc? */ 3488 3489 3498 max_size = regfi_calc_maxsize(file, offset); 3490 3499 if((max_size < 0) || (num_chunks*sizeof(uint32_t) + 4 > max_size)) -
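Review bot: In all four iterator hunks (find_subkey, cur_subkey, find_value, cur_value) the new `regfi_log_add(...)` call replaces the comment as the sole body of the brace-less `if(cur_key == NULL)`, so the `return` that follows now appears to run unconditionally and the rest of each function becomes unreachable. No braces are visible on the new side and the gutter numbers show a one-for-one line replacement, so this looks like a real regression rather than a rendering artefact. Wrap both statements, e.g. `if(cur_key == NULL) { regfi_log_add(REGFI_LOG_ERROR, "Current key invalid in find_subkey."); return ret_val; }`, and do the same in the other three places. The enclosing functions start and end outside the hunks shown.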
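--- a/trunk/lib/winsec.c
+++ b/trunk/lib/winsec.c
@@ -62,4 +62,5 @@
 ret_val->control = SVAL(buf, 0x2);
 
+/* XXX: should probably reject any non-self relative */
 if(!(ret_val->control & WINSEC_DESC_SELF_RELATIVE))
 fprintf(stderr, "DEBUG: NOT self-relative!\n");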
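Review bot: The added comment records that non-self-relative descriptors should be rejected, but the branch below it still only prints a debug line to stderr and lets parsing continue. Hive files are untrusted input, and the fields read after this point are presumably offsets into the buffer, which only makes sense for the self-relative layout. Consider failing here instead: release `ret_val` the way the function's other error paths do and `return NULL;` (the return type is not visible in this hunk, so confirm). The message would also be better sent through the library's logging than through `fprintf(stderr, ...)`. The function body starts and continues outside this hunk.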
trunk/python/pyregfi/__init__.py
r256 r257 11 11 # 12 12 # The library operates on registry hives, each of which is contained within a 13 # single file. To get started, one must first open the registry hive file with 14 # the open() or file() Python built-in functions (or equivalent) and then pass 15 # the resulting file object to pyregfi. For example: 13 # single file. The quickest way to get started, is to use the @ref openHive() 14 # function to obtain a Hive object. For example: 16 15 # @code 17 16 # >>> import pyregfi 18 # >>> fh = open('/mnt/win/c/WINDOWS/system32/config/system', 'rb') 19 # >>> myHive = pyregfi.Hive(fh) 17 # >>> myHive = pyregfi.openHive('/mnt/win/c/WINDOWS/system32/config/system') 20 18 # @endcode 21 19 # … … 300 298 # 301 299 class Security(_StructureWrapper): 302 ## Number of keys referencing this SK record300 ## Number of registry Keys referencing this SK record 303 301 ref_count = 1 304 302 … … 306 304 offset = 0xCAFEBABE 307 305 308 ## The @ref SecurityDescriptor for this SK record306 ## The @ref winsec.SecurityDescriptor for this SK record 309 307 descriptor = object() 310 308 … … 314 312 self.descriptor = winsec.SecurityDescriptor(base.contents.sec_desc.contents) 315 313 316 ## Loads the " previous" Security record in the hive314 ## Loads the "next" Security record in the hive 317 315 # 318 316 # @note … … 337 335 ## Abstract class for ValueList and SubkeyList 338 336 class _GenericList(object): 337 # XXX: consider implementing keys(), values(), items() and other dictionary methods 339 338 _hive = None 340 339 _key_base = None … … 373 372 ## Retrieves a list element by name 374 373 # 374 # @param name The name of the subkey or value desired. 375 # This is case-sensitive. 376 # 377 # @note The registry format does inherently prevent multiple 378 # subkeys or values from having the same name. 379 # This interface simply returns the first match. 380 # Lookups using this method could also fail due to incorrectly 381 # encoded strings. 
382 # To identify any duplicates, use the iterator interface to 383 # check every list element. 384 # 375 385 # @return the first element whose name matches, or None if the element 376 386 # could not be found 377 387 def __getitem__(self, name): 388 # XXX: Consider interpreting integer names as offsets in the underlying list 378 389 index = ctypes.c_uint32() 379 390 if isinstance(name, str): … … 391 402 raise KeyError('') 392 403 404 405 ## Fetches the requested element by name, or the default value if the lookup 406 # fails. 407 # 393 408 def get(self, name, default): 394 409 try: … … 426 441 # @endcode 427 442 # 428 # @note SubkeyLists should never be accessed directly and only exist429 # in association with a parent Key object. Do not retain references to430 # SubkeyLists. Instead, access them via their parent Key at all times.443 # You may also request the len() of a subkeys list. 444 # However keys(), values(), items() and similar methods are not currently 445 # implemented. 431 446 class SubkeyList(_GenericList): 432 447 _fetch_num = regfi.regfi_fetch_num_subkeys … … 447 462 # @endcode 448 463 # 449 # @note ValueLists should never be accessed directly and only exist450 # in association with a parent Key object. Do not retain references to451 # ValueLists. Instead, access them via their parent Key at all times.464 # You may also request the len() of a values list. 465 # However keys(), values(), items() and similar methods are not currently 466 # implemented. 452 467 class ValueList(_GenericList): 453 468 _fetch_num = regfi.regfi_fetch_num_values … … 460 475 # access to their subkeys, values, and other metadata. 461 476 # 462 # @note Value instances may provide access to more than the attributes477 # @note Key instances may provide access to more attributes than are 463 478 # documented here. However, undocumented attributes may change over time 464 479 # and are not officially supported. 
If you need access to an attribute 465 # not shown here, see pyregfi.structures.480 # not shown here, see @ref pyregfi.structures. 466 481 class Key(_StructureWrapper): 467 482 ## A @ref ValueList object representing the list of Values … … 558 573 return None 559 574 575 576 ## Checks to see if this Key is the root of its Hive 577 # 578 # @return True if it is, False otherwise 560 579 def is_root(self): 561 580 return (self._hive.root == self) … … 567 586 # access to their associated data. 568 587 # 569 # @note Value instances may provide access to more than the attributes588 # @note Value instances may provide access to more attributes than are 570 589 # documented here. However, undocumented attributes may change over time 571 590 # and are not officially supported. If you need access to an attribute 572 # not shown here, see pyregfi.structures.591 # not shown here, see @ref pyregfi.structures. 573 592 class Value(_StructureWrapper): 574 593 ## The raw Value name as an uninterpreted bytearray -
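Review bot: The new @note on `_GenericList.__getitem__` says "The registry format does inherently prevent multiple subkeys or values from having the same name", which contradicts the sentences after it about returning the first match and checking for duplicates. A "not" appears to be missing. The distinction matters to anyone examining a hive, because duplicate or mis-encoded names are exactly the entries a by-name lookup will silently skip. Suggested wording: `# @note The registry format does not inherently prevent multiple`. The method body continues outside the hunk.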
trunk/python/pyregfi/winsec.py
r255 r257 97 97 98 98 ## Represents a Microsoft access control entry, which are elements of access 99 # control lists 99 # control lists. For more information, see: 100 # http://msdn.microsoft.com/en-us/library/aa374868%28v=vs.85%29.aspx 100 101 # 101 102 # @note … … 136 137 137 138 139 ## A Microsoft security descriptor 140 # For more information, see: 141 # http://msdn.microsoft.com/en-us/library/aa379563%28v=vs.85%29.aspx 142 # 138 143 class SecurityDescriptor(object): 139 144 ## The security descriptor's owner SID, as a string … … 143 148 group = "S-1-2-..." 144 149 145 ## A list of @ref ACE objects which represents the System ACL 146 # May be None if a sacl isn't defined 150 ## The system access control list represented as a list of @ref ACE objects. 151 # 152 # Is set to None if a sacl isn't defined 147 153 sacl = [] 148 154 149 ## A list of @ref ACE objects which represents the User ACL 150 # May be None if a dacl isn't defined 155 ## The discretionary access control list represented as a list of @ref ACE objects 156 # 157 # Is set to None if a dacl isn't defined 151 158 dacl = [] 152 159 … … 160 167 libc.free(c_str) 161 168 162 # XXX: add checks for NULL pointers163 169 self.sacl = None 164 170 if sec_desc.sacl:
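Review bot: The reworded comments on `sacl` and `dacl` say each "Is set to None" when the list isn't defined, but they do not tell callers that None and an empty list mean different things. On Windows an absent (NULL) DACL grants access to everyone while an empty DACL grants access to no one, so a caller testing `if not sd.dacl` would conflate the two. Consider adding a line to the `dacl` comment such as `# None (no DACL present) is not equivalent to [] (DACL present but empty); test with "is None".` The constructor continues outside the last hunk, so whether an empty ACL is actually surfaced as `[]` should be confirmed there.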